Vulnerability Details CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.15
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 2.7
Proposed Action
Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.
Ransomware Campaign
Known
References
Products affected by CVE-2024-55550
-
cpe:2.3:a:mitel:micollab:-
-
cpe:2.3:a:mitel:micollab:7.3
-
cpe:2.3:a:mitel:micollab:8.0
-
cpe:2.3:a:mitel:micollab:8.1
-
cpe:2.3:a:mitel:micollab:8.1.1
-
cpe:2.3:a:mitel:micollab:8.1.2
-
cpe:2.3:a:mitel:micollab:9.0
-
cpe:2.3:a:mitel:micollab:9.1
-
cpe:2.3:a:mitel:micollab:9.1.2
-
cpe:2.3:a:mitel:micollab:9.1.3
-
cpe:2.3:a:mitel:micollab:9.2
-
cpe:2.3:a:mitel:micollab:9.3
-
cpe:2.3:a:mitel:micollab:9.4
-
cpe:2.3:a:mitel:micollab:9.5.0.101
-
cpe:2.3:a:mitel:micollab:9.6
-
cpe:2.3:a:mitel:micollab:9.6.2.9
-
cpe:2.3:a:mitel:micollab:9.7
-
cpe:2.3:a:mitel:micollab:9.8